package controllers;

import java.util.HashMap;
import java.util.List;
import java.util.Map;

import javax.persistence.Query;

import org.apache.commons.lang.StringUtils;

import controllers.Secure.LoginType;

import models.Administrator;
import models.User;
import models.rbac.Privilege;
import models.rbac.Role;
import play.db.jpa.JPA;
import play.mvc.Router;
import play.mvc.Router.Route;

/**
 * 覆盖Secure模块的验证逻辑，使用自己的验证逻辑
 * 
 * @author ray.wu
 *
 */
public class Security extends Secure.Security {
	
	static Map<Role, List<Privilege>> privilegeMap = new HashMap<Role, List<Privilege>>();
    
    /**
     * 判断用户是否有登陆权限
     * 
     * @param username
     * @param password
     * @return
     */
    static LoginType authenticate(String username, String password) {
    	LoginType result  = LoginType.NONE;
    	
    	if(username!= null && password != null){
    		User user = User.find("byUsername", username).first();
    		boolean userCheck = user != null;
    		if(userCheck){
    			boolean usernameCheck = username.equals(user.username);
        		boolean passwordCheck = password.equals(user.password);
        		
        		if(usernameCheck && passwordCheck) {
        			result = LoginType.USER;
        		}
    		}
    	}
    	Administrator admin = Administrator.find("username = ? AND password = ?", username, password).first();
    	if(admin != null){
    		Role role = admin.role;
    		if(!privilegeMap.containsKey(role)){
    			Query query = JPA.em().createQuery("select p from Privilege p join p.roles r where r = :role");
    	        query.setParameter("role", role);
    	        List resultList = query.getResultList();
    	        privilegeMap.put(role, resultList);
    		}
    		result = LoginType.ADMIN;
    	}
        return result;
    }    
    
    /**
     * 权限判断
     * 
     * @param profile
     * @return
     */
    static boolean check(String profile) {
    	
    	boolean result = false;
    	
    	if("user".equals(profile)){
    		User user = User.find("byUsername", connected()).first();
    		if(user != null){
    			result = true;
    		}
    	}
    	
    	if("admin".equals(profile)){
    		Administrator admin = Administrator.find("byUsername", connected()).first();
    		if(admin != null){
    			Route route = Router.route(request);
    	        System.out.println(String.format("%s %s -> %s.%s", request.method, request.url, route.action, route.method));
    	        
    	        List<Privilege> privileges = privilegeMap.get(admin.role);
    	        if(privileges != null){
	    	        for(Privilege p : privileges){
	    	        	//面向方法
	    	        	if(StringUtils.equals(p.resource.name, route.action) && 
	    	        			StringUtils.equals(p.resource.name, route.method)){
	    	        		return true;
	    	        	}
	    	        	//面向资源
	    	        	if(StringUtils.equalsIgnoreCase(p.resource.name, request.url) && 
	    	        			StringUtils.equalsIgnoreCase(p.operation.name, request.method)){
	    	        		return true;
	    	        	}
	    	        }
    	        }
    		}
    	}
      
        return result;
    }    
}